[tor-bugs] #15968 [BridgeDB]: Add a "Content-Security-Policy" header to BridgeDB's HTTPS Distributor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jul 25 01:18:22 UTC 2015
#15968: Add a "Content-Security-Policy" header to BridgeDB's HTTPS Distributor
-------------------------+-------------------------------------------------
Reporter: isis | Owner: isis
Type: | Status: closed
enhancement | Milestone:
Priority: major | Version:
Component: | Keywords: bridgedb-https, security,
BridgeDB | bridgedb-0.3.3
Resolution: fixed | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Changes (by isis):
* status: needs_review => closed
* resolution: => fixed
Comment:
Merged for BridgeDB 0.3.3.
In the future, once they are more supported by browsers, we may want to
look into also including the `reflected-xss` and `frame-ancestors` Content
Security Polivy v2.0 directives.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15968#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list